Approval Flow Failing With: "Provided Value Cannot Be Parsed As A Valid Distinguished Name when OIM Username has Special characters in it" (Doc ID 2474703.1)

Last updated on MAY 01, 2023

Applies to:

Symptoms

OIM and SOA are used to manage federated users from OAM and a various third party IdPs. One of the IdPs appear to be sending back assertion ID's that are causing issue with SOA approval.

1. New user requests protected OAM resource
2. User logs into IdP
3. User creates IdP account and authenticates user and sends back response with SAML assertion.
4. OAM uses Just In Time provisioning plugin to create OUD record
5. OAM binds a session to this OIM record.
6. New user requests roles via OIM
7. Request goes through Oracle provided RoleOwnerApproal custom workflow, request is created and assigned to the correct catalogue owner.
8. Administrator goes to action request in "Pending Aprovals" section of OIM console
9. Open the Approval for user role request, front end console displays error message:

10. Administrator can not move along the approval process.

For example:

An example of a failing federation username: xyz/pqrst+R4
An example of a working federation username: xyzpqrst+R4 (Same as above, but without '/')

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.